Microsoft Previews Defender for APIs in Defender for Cloud -- Redmondmag.com

Microsoft Previews Defender for APIs in Defender for Cloud

By Kurt Mackie
04/25/2023

Microsoft this week introduced a preview of a new "Microsoft Defender for APIs" security solution, which is part of the Microsoft Defender for Cloud service.

Microsoft Defender for Cloud is used to add security and compliance protections for so-called "cloud-native applications," such as workloads hosted across "Amazon Web Services, Google Cloud Platform and Azure Cloud Services," according to this Microsoft description. It's not to be confused with Microsoft Defender for Cloud Apps, which is used to detect security risk issues with software-as-a-service applications.

The new Microsoft Defender for APIs solution in the Microsoft Defender for Cloud service lets organizations "gain visibility into business-critical APIs." Microsoft promises "full lifecycle protection, detection and response coverage" with Microsoft Defender for APIs, according to this Microsoft document description.

Organizations can inventory their managed APIs in a dashboard view, and check for "external, unused, or unauthenticated APIs." The APIs get compared with the OWASP Top 10 security risks for software via a machine learning process. Microsoft Defender for APIs also will show the APIs that are tapping sensitive data. It allows organizations to harden the configurations used with the APIs.

Microsoft Defender for APIs information gets shown in the Microsoft Defender for Cloud Portal or the Azure Portal. Alerts and security recommendations also are shown, and Microsoft Defender for APIs will work with various security information and event management (SIEM) systems.

APIs are used to enable communications between "users, cloud services and data," but they tend to be "loved by developers and threat actors alike," Microsoft's announcement indicated.

"Threat actors increasingly use APIs as their primary attack vector to breach data from cloud applications, which means API security is now a critical priority for CISOs," the announcement explained. It added that typical perimeter-based security controls lack "API behavioral knowledge, which leaves a big hole in API security."

Microsoft's example is the breach of Austrian telco Optus, where customer information was exposed due to "an unprotected and publicly exposed API" that didn't require user authentication for connections.

The preview of Microsoft Defender for APIs is "now available in most Azure commercial regions."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.